/***************************************************************
*  Copyright (c) 2009 by GroupMe! Team (www.groupme.net)
*  All rights reserved.
*
*  This file is part of the GroupMe! Project. Source code of 
*  this project is closed and redistribution of this code is
*  prohibited. 
*  
*  Contact: http://www.groupme.net
*
*  This copyright notice MUST APPEAR in all copies of the file!
***************************************************************/
package net.groupme.controller.oauth;

import java.io.OutputStream;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.oauth.OAuth;
import net.oauth.OAuthAccessor;
import net.oauth.OAuthConsumer;
import net.oauth.OAuthMessage;
import net.oauth.server.OAuthServlet;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.mvc.Controller;

/**
 * This class controls the OAuth authorization, which enables other applications to act on behalf
 * of a GroupMe! user, if the GroupMe! user has authorized the application.<br/>
 * In particular, this controller handles the requests for tokens.
 * 
 * @author Fabian Abel, <a href="mailto:abel@l3s.de">abel@l3s.de</a>
 * @author last edited by: $Author: fabian $
 * 
 * @version created on Feb 26, 2009
 * @version $Revision: 1.2 $ $Date: 2009-03-12 10:12:16 $
 */
public class OAuthRequestTokenController implements Controller {

	/** Logger for this class and subclasses */
	protected final Log logger = LogFactory.getLog(getClass());
	
	/**
	 * Creates a new OAuthRequestTokenController instance. 
	 */
	public OAuthRequestTokenController() {
		super();
		
	}

	/* (non-Javadoc)
	 * @see org.springframework.web.servlet.mvc.Controller#handleRequest(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
	 */
	public ModelAndView handleRequest(HttpServletRequest request,
			HttpServletResponse response) throws Exception {
		logger.info("OAuth: Requesting Token.");
		
		ModelAndView mav = new ModelAndView();
		try{
			OAuthMessage requestMessage = OAuthServlet.getMessage(request, null);
			requestMessage = OAuthProvider.prepare(requestMessage);
			logger.info(requestMessage);
			
			OAuthConsumer consumer = OAuthProvider.getConsumer(requestMessage);
	        logger.info("Consumer: " + consumer);
	        OAuthAccessor accessor = new OAuthAccessor(consumer);
	        logger.info("Accessor: " + accessor);
	        
	        OAuthProvider.VALIDATOR.validateMessage(requestMessage, accessor);
	        {
	            // Support the 'Variable Accessor Secret' extension
	            // described in http://oauth.pbwiki.com/AccessorSecret
	            String secret = requestMessage.getParameter("oauth_accessor_secret");
	            System.out.println(secret);
	            if (secret != null) {
	                accessor.setProperty(OAuthConsumer.ACCESSOR_SECRET, secret);
	            }
	        }
	        // generate request_token and secret
	        OAuthProvider.generateRequestToken(accessor);
	        
	        response.setContentType("text/plain");
	        OutputStream out = response.getOutputStream();
	        OAuth.formEncode(OAuth.newList("oauth_token", accessor.requestToken,
	                                       "oauth_token_secret", accessor.tokenSecret),
	                         out);
	        out.close();
		} catch (Exception e){
			OAuthProvider.handleException(e, request, response, true);
	    }
		return null;
	}

}
